Setting up HTTPS w/subdomain on Apache2

Martin Marcher martin.marcher at
Sun Dec 10 10:50:35 UTC 2006

Am 10.12.2006 um 07:32 schrieb Anthony Yarusso:

>>> Secure authentication
>>> Secure data transfer

That is what you need SSL for

>>> So far I've learned about Basic Authentication, but it said that the
>>> password is transmitted in plaintext.  Then there was Digest, but  
>>> the
>>> data is still unencrypted.  The docs recommended using SSL, and  
>>> unless
>>> I'm mistaken, HTTP w/SSL = HTTPS.  So, I'm hoping to make this
>>> particular directory accessible only with supplying a valid username
>>> and password, and have both the password and the data returned  
>>> travel
>>> the connection in encrypted form.  The virtual subdomain is a  
>>> wishlist
>>> item primarily.

Authentication would be basic or digest (Personally I'm using basic  
since it's - imho - a lot more compatible with clients)

>>> Note: this ONLY needs to apply to a particular directory; I want the
>>> rest of the site accessible normally with unauthenticated http.

 From what I know the easiest way would be to have <- points to the publicly available part <- holds all stuff that should be encrypted

Something to think of: With a single IP Address it's not possible (at  
lost without investing money) to have different SSL Hosts on the same  
IP. Apache will use the first SSL Host it finds to do encryption.  
This is necessary since the client etablishes the encrypted  
communication before even making a request.

So: https:/,  
- where part1 and part2 could have totally different content.

Just direct your users to the secured subdomain and directory (if you  
have the need for more than one), whenever they need to access a  
secure part.

could be done with

If you have only one directory (with only a single directory):
RewriteEnginge On
RewriteRule ^/secure [R]

More secured directories (this will redirect all subdirectories in to$SUBDIRECTORY):
RewriteEnginge On
RewriteRule ^/(.+)$1 [R]

Read a bit about some regular expressions how to get the correct  

>> I think you could use mod_rewrite to redirect non-https requests to
>> https for the subdomain. I'm not sure what your question is, though,
>> whether it's about how to set up https in general, or force all
>> traffic to use https?

that is the module you need to enable, try a2enmod in a shell or man  
a2enmod quite a convenient command...

hope that gives you a starting point

More information about the ubuntu-users mailing list